@DimitriPapadopoulos DimitriPapadopoulos commented Jul 31, 2025

Summary

New attempt at #19499, which was reverted by #19599 and #19624.

  1. Declare licenses in pyproject.toml using keys license and license-files, as per PEP 639:
    • license: SPDX license expression
    • license-files: list of license file glob patterns
  2. Keep the Trove classifier in an attempt to remain compatible with tools that do not support PEP 639 yet, such as pip-licenses. Hopefully the build system will not complain about the redundant/obsolete classifier.

In theory, maturin ≥ 1.9 supports PEP 639, which means the proper licensing metadata should be included in packages and seen by PyPI:
https://www.maturin.rs/changelog.html

In practice, maturin < 1.9.3 does not take license-files into account and the LICENSE file is therefore missing from packages (#19599 (comment)).

Test Plan

Check the package metadata (PKG-INFO) after:

uv build --sdist

Also test against the obsolete ecosystem (pip-licenses).

@DimitriPapadopoulos
Contributor Author

DimitriPapadopoulos commented Aug 4, 2025

Works now:

$ uv build --sdist
Building source distribution...
Running `maturin pep517 write-sdist --sdist-directory /path/to/ruff/dist`
[...]
📦 Built source distribution to /path/to/ruff/dist/ruff-0.12.7.tar.gz
ruff-0.12.7.tar.gz
Successfully built dist/ruff-0.12.7.tar.gz
$ 
$ tar xf dist/ruff-0.12.7.tar.gz 
$ 
$ grep License ruff-0.12.7/PKG-INFO
License-File: LICENSE
License-Expression: MIT
$ 
$ find ruff-0.12.7 -name 'LICENSE*'
ruff-0.12.7/LICENSE
ruff-0.12.7/crates/ruff_annotate_snippets/LICENSE-MIT
ruff-0.12.7/crates/ruff_annotate_snippets/LICENSE-APACHE
ruff-0.12.7/crates/ty_vendored/vendor/typeshed/LICENSE
$ 

Note that the LICENSE file is not picked up if I remove the license-files line. Unlike build systems such as setuptools or flit, maturin appears not to provide a default glob that would pick up common licence file names.
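The PKG-INFO and `find` checks shown in the comment above can be automated. The following is an added example, not code from the PR or from ruff's tooling; the function names and the three in-memory sdists are constructed for illustration. It reads PKG-INFO from an sdist and confirms that every declared `License-File` is actually shipped at that path under the archive root.

```python
import io
import tarfile
from email.parser import HeaderParser


def make_sdist(files):
    """Build a constructed in-memory .tar.gz from {path: text} (sample data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode("utf-8")
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_sdist_license_metadata(sdist_bytes):
    """Return a list of problems with the PEP 639 license metadata of an sdist."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        names = set(tar.getnames())
        # An sdist unpacks into one top-level directory, e.g. "ruff-0.12.7".
        roots = {n.split("/", 1)[0] for n in names}
        if len(roots) != 1:
            return ["expected exactly one top-level directory"]
        root = roots.pop()
        if f"{root}/PKG-INFO" not in names:
            return ["PKG-INFO missing"]
        raw = tar.extractfile(f"{root}/PKG-INFO").read().decode("utf-8")
    meta = HeaderParser().parsestr(raw)  # core metadata uses RFC 822 style headers
    problems = []
    if not meta.get("License-Expression"):
        problems.append("no License-Expression field")
    declared = meta.get_all("License-File") or []
    if not declared:
        problems.append("no License-File field")
    for path in declared:
        # In an sdist, License-File paths are relative to the archive root directory.
        if f"{root}/{path}" not in names:
            problems.append(f"declared license file not shipped: {path}")
    return problems


# Constructed samples: complete metadata, LICENSE not shipped, and no SPDX expression.
BASE = ("Metadata-Version: 2.4\nName: ruff\nVersion: 0.12.7\n"
        "Classifier: License :: OSI Approved :: MIT License\nLicense-File: LICENSE\n")
EXPR = BASE + "License-Expression: MIT\n"
GOOD = make_sdist({"ruff-0.12.7/PKG-INFO": EXPR, "ruff-0.12.7/LICENSE": "MIT License\n"})
NO_FILE = make_sdist({"ruff-0.12.7/PKG-INFO": EXPR})
NO_EXPR = make_sdist({"ruff-0.12.7/PKG-INFO": BASE, "ruff-0.12.7/LICENSE": "MIT License\n"})
```

For a real build, pass the bytes of the file produced by `uv build --sdist` to `check_sdist_license_metadata`.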

@DimitriPapadopoulos DimitriPapadopoulos marked this pull request as ready for review August 4, 2025 20:04
"Development Status :: 5 - Production/Stable",
"Environment :: Console",
"Intended Audience :: Developers",
"License :: OSI Approved :: MIT License", # for compatibility with tooling such as pip-licenses
Member

@MichaReiser MichaReiser Aug 5, 2025


We should keep this line (for the reason the comment says). We don't want to break downstream users for no good reason.

Contributor Author


I've read #19599 (comment) but I don't think "this causes significant churn" any more:

Member

@MichaReiser MichaReiser Aug 5, 2025


It still creates churn for no very good reason as the issues in typing extensions demonstrate. It's also not always easy for projects to update their dependencies.

I just don't see a strong reason for making this change other than: Some PEP recommends it. That's why I don't feel comfortable merging this as is.

Contributor Author


My point was that projects will have to update their dependencies anyway, as other dependencies will force them to. Additionally, ruff usually isn't a dependency of sdist or wheel packages, it's a tool for developers. It shouldn't even appear in the final licence list.

But then I agree it doesn't hurt to keep the classifier for a few years.

Contributor Author

@DimitriPapadopoulos DimitriPapadopoulos Aug 5, 2025


After reverting and putting the classifier back, this PR changes licensing information in PKG-INFO from:

Classifier: License :: OSI Approved :: MIT License
License-File: LICENSE

to:

Classifier: License :: OSI Approved :: MIT License
License-File: LICENSE
License-Expression: MIT

Member


This seems fine?

1. Declare licenses using keys `license` and `license-files`, as per PEP 639:
   * license:       SPDX license expression
   * license-files: list of license file glob patterns
2. Keep the Trove classifier in an attempt to remain compatible with tools
that do not support PEP 639 yet, such as pip-licenses. Hopefully the build
system will not complain about the redundant/obsolete classifier.

In theory, maturin ≥ 1.9 supports PEP 639, which means the proper licensing
metadata should be included in packages:
	https://www.maturin.rs/changelog.html

In practice, maturin < 1.9.3 does not take license-files into account and
the LICENSE file is therefore missing from packages.